Recently, there were more and more cyber security attacks against critical infrastructures. What is a critical infrastructure? Provide some examples. What are the targets of such attacks?
From where do external attackers (outside attackers, remote attackers) attack networks and computers?
Do you know some intrusion techniques? Can you explain these techniques in detail?
List known vulnerabilities of systems. Can you explain these vulnerabilities in more detail?
What authentication methods do you know?
List and explain the five stages / phases of an intrusion into a system.
Do you know "shortcuts" to the five stages / phases of an intrusion?
What are well known computer-based security mechanisms (Host-based security mechanisms)?
What are well-known network-based security mechanisms?
What are capabilities of network firewalls?
What are limitations of network firewalls?
Which other terms are used for network layer firewalls?
Explain briefly the operation of network layer firewalls.
Which protocol header fields are usually evaluated by a packet filter?
What is a stateful inspection firewall?
What is meant by "deep inspection"?
What are the features of a "Next Generation Firewall"?
Explain the term "Unified Threat Management" (UTM).
What's the intention of threat protection firewalls? How do they work?
What's an advanced persistent threat (APT)?
What is an application layer firewall? How does it work?
How do proxy servers work, what are non-/transparent proxy servers?
What are "Web Application Firewalls" for?
Which basic firewall architectures do you know?
What are security zones?
You enable access to an internal web server through your home router / firewall via port forwarding. Which firewall architecture corresponds to this setup? What dangers does it pose?
What are advantages/disadvantages of an IDS/IPS?
Explain the term "endpoint security".
What's the function of a SIEM?
Explain the "Zero Trust" approach to improving network security.
Topic 5: Linux firewall (netfilter / iptables / nftables)
Explain the structure of "netfilter (-hooks)"
Which are the predefined rule chains of "netfilter" / "iptables"?
Can you draw a schema of the rule chains in the filter table? Where do they have an effect?
What is the "nat" table of "netfilter" / "iptables" for?
Which predefined rule chains belong to the "nat" table?
What is the structure of a rule in an "iptables" chain?
What happens if a rule matches/does not match a packet?
Which predefined targets are known with "iptables" and what do they do?
Do you know some "match/target extensions" and how they work?
What is the purpose of the match extension "state"/"conntrack" of iptables?
What states of connections can be checked by iptables using the match extension "conntrack"?
How can packets be marked for further processing?
Which kind of processing can be done?
Explain presented iptables/nftables rules or rule chains.
Why is "nftables" more flexible than "iptables"?
What are the main differences between "nftables" and "iptables"?
What happens with my "iptables"-rules if "nftables" is deployed?
Explain what the presented "nftables" firewall does (e.g., lab sample solutions).
What is meant by «Opportunistic TLS»? What is meant by «implicit TLS»? What kinds of risks / attacks do you know?
What does «HTTP Strict Transport Security» (HSTS) stand for? How is it supposed to work? Describe the OSI layers in general and where the TLS communication takes place.
TLS is composed of the handshake protocol and the record protocol. Describe what happens in each layer.
What information do we find in a «Client Hello» message?
What information does a CipherSuite such as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (128-bit AES encryption with SHA-256 message authentication and ephemeral ECDH key exchange signed with an RSA certificate) contain?
How does TLS mutual authentication work? Which additional handshake messages are exchanged?
What does a TLS session resumption look like? What are the prerequisites? What is an anonymous TLS session such as TLS_ECDH_anon?
What does the term Forward Secrecy stand for? What has to be done to get perfect forward secrecy (PFS)?
What do you have to do, or think of, to implement a TLS reverse proxy for a company?
What is a bit flipping attack? Which ciphers are vulnerable?
What information do you need to inspect and decipher all TLS packets, e.g. with Wireshark (TLS private key corresponding to the server certificate, pre-master secret, master secret)?
What information is exchanged with Diffie-Hellman key exchange in a TLS session? Describe which information is used for a JA3 fingerprint?
How is the master secret derived from the pre-master secret?
Describe how an HMAC function works.
What is meant by «Authenticated Encryption» (AE)?
What is the difference between AE and AEAD (Authenticated Encryption with Associated Data)?
Describe a «Padding Oracle Attack».
Describe a «Padding Oracle On Downgraded Legacy Encryption» (POODLE) attack.
Describe the changes between TLS 1.2 and TLS 1.3 in respect of:
How does Kerberos work? Why does Kerberos need shared secrets? What are these shared secrets?
The Key Distribution Center (KDC) is composed of the Authentication Server (AS) and the Ticket Granting Server (TGS). What is the function of the AS and the TGS?
What is a Service Principal Name (SPN)? How is the name composed / structured?
Explain the content and the function of Kerberos tickets. What is a Ticket Granting Ticket (TGT) and what is a service ticket (ST)? Explain the differences.
Explain the differences between «secret keys» and «session keys».
How does Kerberos pre-authentication work?
What is needed to decrypt all messages / tickets in Wireshark?
What types of attacks are referred to as «Golden Ticket» and «Silver Ticket» attacks? What can you do with a «Golden Ticket» or «Silver Ticket»?
What has to be done if an attacker has gained a «Golden Ticket»?
Describe Kerberos delegation. What does it mean? Where is it used?
What is the difference between «unconstrained», «constrained» and «resource-based constrained» delegation?
Can the user prevent delegation?
Can you restrict delegation? Where does it make sense to restrict delegation?
What are the security risks? Describe how «unconstrained» delegation could be misused.
How can you trick users into connecting to your service configured for delegation?
How could a printer on a DC be attacked?
What mitigation measures do you know to secure Kerberos?
What does an attack against «constrained» delegation look like?
What is meant by «protocol transition»? How does it work?
What can you do with the «Trusted to Auth for Delegation» permission (S4U2Self & S4U2Proxy)?
At which OSI layer can VPN solutions be established? Provide examples.
What advantages and disadvantages, or challenges, are associated with a low-level implementation?
Explain the authentication process involved in IKEv2 (Internet Key Exchange Protocol Version 2).
What is the purpose of the Authentication Header (AH) and the Encapsulating Security Payload (ESP)? Elucidate the distinctions between these two components.
Explain the two IPsec modes: «tunnel mode» and «transport mode».
What MTU (Maximum Transmission Unit) considerations should be taken into account when implementing IPsec?
Which credentials are required to initiate a WireGuard VPN connection?
What is the fundamental concept behind the key exchange in «Noise Protocol Framework»? What is the RTT of the handshake?
Describe VPN network topologies.
What minimum configuration is needed to set up a point-to-point VPN with WireGuard?